#!/usr/bin/make -f
DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)

# Enable hardening features for daemons
# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing
export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie
DPKG_EXPORT_BUILDFLAGS = 1
# Include buildflags.mk so we can append to the vars it sets.
include /usr/share/dpkg/buildflags.mk

# Disable systemd integration on non-linux archs
ifeq ($(DEB_HOST_ARCH_OS),linux)
CONFIGURE_ARGS += --enable-systemd --with-systemd=/lib/systemd/system
DH_ARGS += --with systemd
else
CONFIGURE_ARGS += --disable-systemd
endif


# Use new build system
%:
	dh $@ \
	  --with autoreconf \
	  $(DH_ARGS)

override_dh_auto_configure:
	dh_auto_configure -- \
		--sysconfdir=/etc/powerdns \
		--enable-unit-tests \
		--with-lua=luajit \
		--with-libcap \
		--with-libsodium \
		--with-protobuf=yes \
		--enable-dnstap \
		--without-net-snmp \
		--disable-silent-rules \
		--with-service-user=pdns \
		--with-service-group=pdns \
		$(CONFIGURE_ARGS)

override_dh_auto_install:
	dh_auto_install
	install -d debian/pdns-recursor/usr/share/pdns-recursor/lua-config
	install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/lua-config debian/lua-config/rootkeys.lua
	install -m 644 -t debian/pdns-recursor/etc/powerdns debian/recursor.lua
	rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist
	./pdns_recursor --no-config --config | sed \
		-e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
		-e 's!# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \
		-e 's!# local-address=.*!local-address=127.0.0.1!' \
		-e 's!# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \
		-e 's!# quiet=.*!quiet=yes!' \
		-e 's!# setgid=.*!setgid=pdns!' \
		-e 's!# setuid=.*!setuid=pdns!' \
		-e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \
		> debian/pdns-recursor/etc/powerdns/recursor.conf

override_dh_strip:
	dh_strip --ddeb-migration='pdns-recursor-dbg'

override_dh_installinit:
	dh_installinit --error-handler=initscript_error

override_dh_gencontrol:
	dh_gencontrol -- $(SUBSTVARS)

override_dh_fixperms:
	dh_fixperms
# these files often contain passwords. 640 as it is chowned to root:pdns
	chmod 0640 debian/pdns-recursor/etc/powerdns/recursor.conf